[Openid-specs-fapi] OBIE trustee recommendations

Anders Rundgren anders.rundgren.net at gmail.com
Sun Feb 5 02:16:39 UTC 2023 

On 2023-02-04 23:21, Joseph Heenan via Openid-specs-fapi wrote:
> Hi Anders,
c-i-l

<snip>
>> However, according to OBIE/FAPI (direct and indirect), competing head-to-head with card payments (or Apple) was never a part of the game.
> 
> Those are two very different organisations.

Yes, but FAPI profiles is AFAIK a common denominator.


> It is clear that the remit for ‘free’ APIs from OBIE (and the very related EU PSD2 ones) never included enabling the use cases you mention, like replacing card payments for in-person retail transactions. You are clearly unhappy about this, but the unhappiness needs to be directed at your politicians - these were political decisions, not technical ones.

In several discussions with payment professionals on LinkedIn, my claim that Open Banking (à la OBIE), is not competitive with Apple Pay were dismissed.  However, in the Berlin Group this was extensively discussed in an ad-hoc advisory group which I participated in 2020.  The political issues you refer to were never on the table.  I am not a PSD2 expert but with respect to payments the only thing it mandates is SCA.  Apple Pay (EMV) does SCA and is thus PSD2 compatible, although this take on SCA has virtually nothing in common with the SCA methods used by Open Banking and 3D Secure.


> The FAPI working group has never (to my recollection) taken a position on this point, 

Right, and I do not understand why.  The long-term success of the rest of Open Banking and thus FAPI may very well depend on it.  The competition is certainly not at the same point.  The recent W3C standard pushed by VISA/MasterCard may (as I pointed out), even *invalidate* the SCA solutions that OBIE depends on. Through related developments the PC/Mobile FIDO connection through BLE is also addressed.  Most of this is already shipping.  This is an entirely new situation.


> and if people build card-replacement type solutions (as OBIE is I think may be trying to enable with their premium APIs) FAPI can be used as part of the solution (and FAPI is used in the OBIE premium APIs).

That's very interesting! I find it odd that there is no whitepaper or similar to read about this.  It may be of interest knowing that the Berlin Group solutions I mentioned were unrelated to OAuth2.


Anders

> 
> Joseph
> 
> 
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-fapi

More information about the Openid-specs-fapi mailing list